Add Intel RDT support

Add --rdt-class=COS to the create and run command to enable the
assignment of a container to a Class of Service (COS). The COS
represents a part of the cache based on the Cache Allocation Technology
(CAT) feature that is part of Intel's Resource Director Technology
(Intel RDT) feature set. By assigning a container to a COS, all PID's of
the container have only access to the cache space defined for this COS.
The COS has to be pre-configured based on the resctrl kernel driver.
cat_l2 and cat_l3 flags in /proc/cpuinfo represent CAT support for cache
level 2 and 3 respectively.

Signed-off-by: Wolfgang Pross <wolfgang.pross@intel.com>

cmd/podman/common/create.go

@@ -370,6 +370,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			"quiet", "q", false,
 			"Suppress output information when pulling images",
 		)
+		rdtClassFlagName := "rdt-class"
+		createFlags.StringVar(
+			&cf.IntelRdtClosID,
+			rdtClassFlagName, cf.IntelRdtClosID,
+			"Class of Service (COS) that the container should be assigned to",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(rdtClassFlagName, AutocompletePullOption)
+
 		createFlags.BoolVar(
 			&cf.ReadOnly,
 			"read-only", podmanConfig.ContainersConfDefaultsRO.Containers.ReadOnly,

libpod/container_inspect.go

@@ -198,6 +198,13 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		}
 	}
 
+	if ctrSpec.Linux.IntelRdt != nil {
+		if ctrSpec.Linux.IntelRdt.ClosID != "" {
+			// container is assigned to a ClosID
+			data.State.IntelRdtClosID = ctrSpec.Linux.IntelRdt.ClosID
+		}
+	}
+
 	networkConfig, err := c.getContainerNetworkInfo()
 	if err != nil {
 		return nil, err

libpod/define/container_inspect.go

@@ -229,6 +229,7 @@ type InspectContainerState struct {
 	RestoreLog     string             `json:"RestoreLog,omitempty"`
 	Restored       bool               `json:"Restored,omitempty"`
 	StoppedByUser  bool               `json:"StoppedByUser,omitempty"`
+	IntelRdtClosID string             `json:"IntelRdtClosID,omitempty"`
 }
 
 // Healthcheck returns the HealthCheckResults. This is used for old podman compat

pkg/domain/entities/pods.go

@@ -224,6 +224,7 @@ type ContainerCreateOptions struct {
 	Init               bool
 	InitContainerType  string
 	InitPath           string
+	IntelRdtClosID     string
 	Interactive        bool
 	IPC                string
 	Label              []string

pkg/specgen/generate/oci_linux.go

@@ -216,6 +216,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		g.AddAnnotation(key, val)
 	}
 
+	if s.IntelRdt != nil {
+		if s.IntelRdt.ClosID != "" {
+			g.SetLinuxIntelRdtClosID(s.IntelRdt.ClosID)
+		}
+	}
+
 	if s.ResourceLimits != nil {
 		out, err := json.Marshal(s.ResourceLimits)
 		if err != nil {

pkg/specgen/specgen.go

@@ -514,6 +514,10 @@ type ContainerNetworkConfig struct {
 
 // ContainerResourceConfig contains information on container resource limits.
 type ContainerResourceConfig struct {
+	// IntelRdt defines the Intel RDT CAT Class of Service (COS) that all processes
+	// of the container should run in.
+	// Optional.
+	IntelRdt *spec.LinuxIntelRdt `json:"intelRdt,omitempty"`
 	// ResourceLimits are resource limits to apply to the container.,
 	// Can only be set as root on cgroups v1 systems, but can be set as
 	// rootless as well for cgroups v2.

pkg/specgenutil/specgen.go

@@ -491,6 +491,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		s.Labels = labels
 	}
 
+	// Intel RDT CAT
+	s.IntelRdt = &specs.LinuxIntelRdt{}
+	if c.IntelRdtClosID != "" {
+		s.IntelRdt.ClosID = c.IntelRdtClosID
+	}
+
 	// ANNOTATIONS
 	annotations := make(map[string]string)